package com.myfb.antstorm.authserver.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;

/**
 * @Auther: yiwenhu
 * @Date: 2019-04-02 下午 4:16
 * @Description:
 */
//@Configuration
//@EnableResourceServer
//public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
//
//    @Override
//    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
//        //此处是关键，默认stateless=true，只支持access_token形式，
//        // OAuth2客户端连接需要使用session，所以需要设置成false以支持session授权
//        resources.stateless(false);
//    }
//    @Override
//    public void configure(HttpSecurity http) throws Exception {
//        http.authorizeRequests().anyRequest().authenticated()
//                .and()
//                .formLogin()
//                .and()
//                .httpBasic();
//        //需要的时候创建session，支持从session中获取认证信息，ResourceServerConfiguration中
//        //session创建策略是stateless不使用，这里其覆盖配置可创建session
//        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED);
//    }
//}
